refreshToken used in custom middleware returns null #896

Closed
erosRCS opened this issue Sep 3, 2024 · 4 comments · Fixed by #899
Labels: bug (A bug that needs to be resolved), p4 (Important Issue), provider-refresh (An issue with the refresh provider)

Comments

erosRCS commented Sep 3, 2024

Environment

  • Operating System: Darwin
  • Node Version: v18.18.0
  • Nuxt Version: 3.7.4
  • CLI Version: 3.9.0
  • Nitro Version: 2.9.7
  • Package Manager: yarn@4.0.2
  • Builder: -
  • User Config: css, components, dayjs, devtools, imports, modules, plugins, auth, runtimeConfig
  • Runtime Modules: @nuxtjs/eslint-module@4.1.0, dayjs-nuxt@2.0.2, @pinia/nuxt@0.5.1, @pinia-plugin-persistedstate/nuxt@1.2.0, @nuxt/image@1.7.0, @sidebase/nuxt-auth@0.9.1
  • Build Modules: -

Reproduction

  1. Have the following auth configuration
     [image]
  2. Sign in using signIn composable from useAuth
  3. In a protected page, use a custom auth middleware
     [image]
  4. Try to get the refresh token using useAuth, and useCookie from Nuxt
     [image]

Describe the bug

[image]

refreshToken is returned as null, even though the cookie does exist, as proved by it existing when using refreshToken with useCookie. This is before its max age is reached. This makes it so that if I want to call the refresh() method from useAuth, it will fail, because a null value will be sent instead of the actual refreshToken. What could be a workaround for this?

Additional context

I'm currently trying to define a custom logic to get the access and refresh tokens using this library. For testing, I set the max age for the access tokens to be just 10 seconds.

For extra context, this problem doesn't happen with the access token, before its 10 seconds mark, which is the expected behaviour as told by the documentation. It only happens with refreshToken for some reason.

Logs

No response

erosRCS added the labels bug (A bug that needs to be resolved) and pending (An issue waiting for triage) on Sep 3, 2024
erosRCS changed the title from "refreshToken used in custom middleware return null" to "refreshToken used in custom middleware returns null" on Sep 3, 2024
Suniron commented Sep 3, 2024

I have the same problem!

The refresh request, manually triggered, sends refreshToken: null as the body, which causes a 400 error from my backend API.

In my case I can't use this lib to do my authentication because the refresh feature doesn't work well.

I also tried to use as light a configuration as possible (I have an issue on this repo with more details) but even in the 0.8.x version, it seems to be not really stable 🥲.

I think it's a problem about an element in the config that must be forced to set (like the default value is not set). I already found a similar problem like this in the past with this lib. But I tried many different configurations 😥.

I hope we find the mistake because I really like the initiative of this library 😊

erosRCS (Author) commented Sep 3, 2024

> I have the same problem!
>
> The refresh request, manually triggered, sends refreshToken: null as the body, which causes a 400 error from my backend API.
>
> In my case I can't use this lib to do my authentication because the refresh feature doesn't work well.
>
> I also tried to use as light a configuration as possible (I have an issue on this repo with more details) but even in the 0.8.x version, it seems to be not really stable 🥲.
>
> I think it's a problem about an element in the config that must be forced to set (like the default value is not set). I already found a similar problem like this in the past with this lib. But I tried many different configurations 😥.
>
> I hope we find the mistake because I really like the initiative of this library 😊

I see, didn't know it was already an old problem. And same as well! I like the library, so hopefully it is an easily fixable bug, or in any case something that can be done with the config files.

@phoenix-ru (Collaborator)

Hi @erosRCS, thank you for a good reproduction! I will take a look into that today.

phoenix-ru added the labels p4 (Important Issue) and provider-refresh (An issue with the refresh provider) and removed the label pending (An issue waiting for triage) on Sep 5, 2024
@anjarupnik (Contributor)

@phoenix-ru I was just working on implementing the refresh token and I noticed that this fix is causing an issue in case there is an error in refresh-token.server.ts (for example, the refresh token is invalid). In case of an error, rawRefreshToken should be set to null and stay null, but it is being overwritten with the invalid refreshToken stored in the cookie on this line:

    if (rawRefreshToken.value === null) { rawRefreshToken.value = _rawRefreshTokenCookie.value }

I would propose to set rawRefreshToken.value the same way as it is done for the auth token:

    rawRefreshToken = useState("auth:raw-refresh-token", () => _rawRefreshTokenCookie.value)

instead of updating it later if it is null.
I have tried this solution and am using it in my app, and it works fine. Let me know if you think this is a good solution, I can open a PR for it :)
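
The two forms discussed in the comment above, run side by side through a failed refresh. This is an added example, not code from the thread or from the library: `createApp` is a simplified, hypothetical stand-in for Nuxt's `useState`, the cookie is a plain object, and the token value is constructed.

```javascript
// Simplified stand-in for Nuxt's useState (assumption, not the real
// implementation): one shared ref per key, and the initializer runs only
// while the value is still undefined, so an explicit null is preserved.
function createApp() {
  const store = new Map()
  return function useState(key, init) {
    if (!store.has(key)) store.set(key, { value: undefined })
    const ref = store.get(key)
    if (ref.value === undefined && init) ref.value = init()
    return ref
  }
}

// Form 1: the null fallback quoted in the comment.
function withNullFallback(useState, cookie) {
  const rawRefreshToken = useState('auth:raw-refresh-token', () => null)
  if (rawRefreshToken.value === null) { rawRefreshToken.value = cookie.value }
  return rawRefreshToken
}

// Form 2: the initializer proposed in the comment.
function withInitializer(useState, cookie) {
  return useState('auth:raw-refresh-token', () => cookie.value)
}

// Load the token, clear it as a failed refresh would, then resolve the
// state again the way a middleware does on the next navigation.
function afterFailedRefresh(useRefreshToken) {
  const useState = createApp()
  const cookie = { value: 'constructed-invalid-refresh-token' } // sample value
  const state = useRefreshToken(useState, cookie)
  const loaded = state.value
  state.value = null // error path: the token was rejected
  const afterError = useRefreshToken(useState, cookie).value
  return { loaded, afterError }
}

console.log(afterFailedRefresh(withNullFallback)) // rejected token is back in state
console.log(afterFailedRefresh(withInitializer))  // state stays null
```

Both forms load the cookie value on first use; only the fallback form puts the rejected token back into state after it has been cleared.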
